Olivia Fraser


Olivia is an associate in Stephenson Harwood’s international data protection practice. She has experience advising on a variety of data protection issues, including in the context of commercial and corporate transactions. She is experienced with negotiation of data protection contracts, has drafted various policies, legitimate interest assessments and transfer impact assessments and has regularly advised on the impact of both Brexit and Schrems II.

  • Completed a full-time secondment to a Mercer, acting in the capacity of the EU and UK Data Protection Lead and advising on all aspects of data protection compliance across the UK and EU business. Sat with in a global privacy office and worked alongside legal, IT and compliance.
  • Advised on a wide ranging data protection compliance project for a world-leading analytics business, including the implementation of standard contractual clauses for international transfers involving vendors.
  • Advised a multi-national asset management company on various aspects of its UK data protection compliance, in particular, on intra group data sharing agreements and the new requirements for international transfers of personal data from the UK. This involved drafting a bespoke risk scoring framework for transfer impact assessments.
  • Advised a train company with a Group wide data protection project for the implementation of new policies and procedures for a number of operating companies. This included developing complex yet commercial risk assessment models.
  • Completed transfer impact assessments for various clients in relation to transfers of personal data from the UK and EU to India, the US, Singapore, Malaysia, and Qatar.
  • Advised a South Asian government on the drafting of its new data protection bill, drawing comparisons with the UK and EU GDPR.
  • Advised on personal data breaches to clients, assessing the likelihood of harm and drafting notifications to supervisory authorities and data subjects as required.
  • Assisted clients across a range of sectors with business implementation of the new data protection law in the Dubai International Financial Centre.
  • General data protection support for clients including, negotiating data processing addendums, assisting with registration, and drafting advice notes containing practical steps for compliance.
  • Advised international clients about the extra territorial effect of UK data protection legislation, including where necessary the requirement for UK or EU representatives
  • Supported various clients across a wide selection of industries in relation to cookie compliance.
  • Managed multiple complex DSARs simultaneously, leading on communication with the relevant supervisory authority and data subjects.